2018-19 Standards for NHS Providers
OFFICIAL NHS fraud. Spot it. Report it. Together we stop it. Standards for NHS Providers 2018-19 Fraud, bribery and corruption February 2018 Version 1.0
OFFICIAL Standards for NHS bodies 2018-19 - Version control Version Name Date Comment 1.0 First edition Feb 2018 NA
1 Introduction ___ 5
2 The NHS Standard Contract ___ 6
3 Overview of the standards ___ 7
Introduction ___ 7
Counter fraud standards ___ 7
4 The quality assurance programme ___ 8
Overview ___ 8
Counter fraud, bribery and corruption quality assurance programme ___ 9
Annual report ___ 9
Self review tool ___ 10
Assessments ___ 10
Full assessment ___ 11
Focused assessment ___ 11
Thematic assessment ___ 12
Assessment process ___ 13
Performance ratings ___ 14
Identifying and mitigating risks ___ 16
Risk ___ 16
Objective ___ 16
Task ___ 16
Outputs ___ 16
Outcomes ___ 16
Weightings ___ 17
Reasonable expectations ___ 17
Feedback ___ 17
5 Standards ___ 18
Key Principle 1: Strategic Governance ___ 18
Standard 1.1 ___ 18
Standard 1.2 ___ 20
Standard 1.3 ___ 22
Standard 1.4 ___ 24
Standard 1.5 ___ 26
Standard 1.6 ___ 28
Standard 1.7 ___ 30
Key Principle 2: Inform and Involve ___ 32
Standard 2.1 ___ 32
Standard 2.2 ___ 35
Standard 2.3 ___ 37
Standard 2.4 ___ 39
Key Principle 3: Prevent and Deter ___ 42
Standard 3.1 ___ 42
Standard 3.2 ___ 44
Standard 3.3 ___ 46
Standard 3.4 ___ 48
Standard 3.5 .
Standard 3.6 ___ 53
Key Principle 4: Hold to Account ___ 55
Standard 4.1 ___ 55
Standard 4.2 ___ 57
Standard 4.3 ___ 59
Standard 4.4 ___ 61
Standard 4.5 ___ 63
Standard 4.6 ___ 65
6 Appendices ___ 67
Appendix 1 - QA programme - Reasonable expectations of the parties ___ 67
Appendix 2 – The counter fraud assurance programme ___ 68
Appendix 3 – Summary of changes for 2018-19 . 69
OFFICIAL Standards for NHS Providers 2018-19 - Introduction - Page 5 of 69 1 Introduction 1.1 This document aims to provide information to providers of NHS services on the counter fraud clauses in the NHS Standard Contract 2017/20191 , and explain what providers need to do to comply with them.
1.2 The NHS Counter Fraud Authority (NHSCFA) is a new Special Health Authority, established on 1 November 2017 and charged with identifying, investigating and preventing fraud within the NHS and the wider health group. The legislation which created the NHSCFA transferred all functions and powers from NHS Protect to the NHSCFA. The NHSCFA is independent from other NHS bodies and is directly accountable to the Department of Health and Social Care. 1.3 For more information please visit the NHSCFA website at https://cfa.nhs.uk. 1.4 The term ‘fraud’ above in 1.2 refers to a range of economic crimes, such as fraud, bribery and corruption or any other illegal acts committed by an individual or group of individuals to obtain a financial or professional gain.
1.5 The NHSCFA has five high-level organisational aims. These are: Deliver the Department of Health and Social Care strategy, vision and strategic plan and lead counter fraud activity in the NHS in England. Be the single expert intelligence led organisation providing a centralised investigation capacity for complex economic crime matters in the NHS. Lead and influence the improvement of standards in counter fraud work across the NHS.
Take the lead in and encourage fraud reporting across the NHS and wider health group. Continue to develop the expertise of staff working for the NHSCFA. 1.6 The NHS Standard Contract includes mandatory clauses that require providers of NHS services to put in place and maintain appropriate counter fraud arrangements in Chapter 2. 1.7 An overview of the standards is provided in Chapter 3. 1.8 Chapter 4 provides an overview of the quality assurance programme. 1.9 Finally, Chapter 5 provides a detailed explanation for each of the standards, giving an indication of what the organisation needs to do to comply with the standard.
1 NHS Standard Contract updated January 2018.
OFFICIAL Standards for NHS Providers 2018-19 - The NHS Standard Contract - Page 6 of 69 2 The NHS Standard Contract 2.1 The NHS Standard Contract published by NHS England, should be used by Clinical Commissioning Groups (CCGs) and NHS England when commissioning NHS funded services including acute, ambulance, care home, communitybased, high secure and mental health and learning disability services. CCGs must also use the NHS Standard Contract for all community-based services provided by GPs, pharmacies and optometrists that have been previously commissioned as Local Enhanced Services.
2.2 The counter fraud clauses are set out in Service Condition 24 and place the follow obligations on providers of NHS services: Service Condition 24.1 requires all providers to put in place and maintain appropriate counter fraud arrangements, having regard to the NHSCFA’s standards. Service Condition 24.2 requires those relevant providers which are licensed2 by Monitor3 , and NHS Trusts, to take the necessary action to meet the standards set by the NHSCFA. Service Condition 24.3 requires the provider to allow, if requested by the co-ordinating commissioner or the NHSCFA, a person duly authorised to act on behalf of the NHSCFA or on behalf of any commissioner to review, in line with the appropriate standards, and counter fraud arrangements put in place by the provider.
Service Condition 24.4 requires the provider to implement any modifications to its counter fraud arrangements required by a person referred to in Service Condition 24.3 within such timescales as that person may reasonably require. Service Condition 24.5 requires the provider to report any suspected fraud or corruption involving a service user or NHS funds to the LCFS of the relevant NHS body and the NHSCFA. Service Condition 24.6 requires the provider, on the request of the Department of Health and Social Care, NHS England, the NHSCFA or the co-ordinating commissioner, to ensure that the NHSCFA or any LCFS appointed by a commissioner is given access within five operational days to property, premises, information and staff for the purpose of detecting and investigating cases of fraud and corruption incidents and breaches.
2.3 The standards referenced in Service Condition 24.2 are explained in Chapter 5. 2 A licence granted by NHS Improvement under section 87 of the Health and Social Care Act 2012. 3 NHS Improvement has brought together two distinct legal entities: Monitor, a non-departmental public body and the NHS Trust Development Authority, a special health authority, under a single leadership and operating model. Both organisations continue to maintain their current legal underpinnings as two separate bodies. Monitor is a corporate body provided by section 61 of the Health and Social Care Act 2012.
OFFICIAL Standards for NHS Providers 2018-19 - Overview of the standards - Page 7 of 69 3 Overview of the standards Introduction 3.1 The NHSCFA is committed to ensuring NHS resources are appropriately protected from fraud, bribery and corruption and has developed a series of counter fraud standards for providers of NHS services.
3.2 Providers should ensure that NHS funds and resources are safeguarded against those minded to commit fraud, bribery or corruption. Failure to do so impacts on a provider’s ability to deliver services and treatment, as NHS funds and resources are wrongfully diverted from patient care.
Counter fraud standards 3.3 The standards in this document have been developed to support NHS providers in implementing appropriate measures to counter fraud, bribery and corruption. Having appropriate measures in place helps to protect NHS resources against fraud, bribery and corruption and ensures they are used for their intended purpose, the delivery of patient care. It is the responsibility of the organisation as a whole to ensure it meets the required standards. However, one or more departments or individuals may be responsible for implementing a specific standard. The key departments or individuals likely to be involved in helping the organisation meet the fraud, bribery and corruption standards are finance, internal and external audit, risk, communications and human resources.
3.4 The fraud, bribery and corruption standards are set out in detail in Chapter 5 of this document and there are four key sections that follow the NHSCFA’s strategy: 3.5 Key Principle 1: Strategic Governance. This section sets out the standards in relation to the organisation’s strategic governance arrangements. The aim is to ensure that counter fraud measures are embedded at all levels across the organisation. (Chapter 5, Standards 1.1 – 1.7) 3.6 Key Principle 2: Inform and Involve. This section sets out the requirements in relation to raising awareness of crime risks against the NHS and working with NHS staff, stakeholders and the public to highlight the risks and consequences of fraud and bribery affecting the NHS.
(Chapter 5, Standards 2.1 – 2.4) 3.7 Key Principle 3: Prevent and Deter. This section sets out the requirements in relation to discouraging individuals who may be tempted to commit fraud against the NHS and ensuring that opportunities for fraud to occur are minimised. (Chapter 5, Standards 3.1 – 3.6) 3.8 Key Principle 4: Hold to Account. This section sets out the requirements in relation to detecting and investigating economic crime, obtaining sanctions and seeking redress. (Chapter 5, Standards 4.1 – 4.6)
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 8 of 69 4 The quality assurance programme Overview 4.1 The NHSCFA mission is to lead the fight against fraud affecting the NHS and wider health service, and protect vital resources intended for patient care. Its vision is for an NHS which can protect its valuable resources from fraud. Its purpose is to lead the NHS in protecting its resources by using intelligence to understand the nature of fraud risks, investigate serious and complex fraud, reduce its impact and drive improvements.
4.2 The NHS counter fraud quality assurance programme will drive these improvements by ensuring that quality requirements are fulfilled.
This will be done through systematic measurement, comparison with standards, monitoring of processes and a continuous loop of feedback. 4.3 Using the counter fraud, bribery and corruption standards set out in this document, the NHSCFA will support organisations through regular benchmarking, compliance testing, evaluation of effectiveness and value for money indicators. The quality assurance programme also enables the analysis of trends and patterns in performance in relation to each standard for each organisation type. This will assist in providing comprehensive and focused support to organisations.
4.4 Additionally, the NHSCFA will provide robust assurance to stakeholders, including participating organisations, NHS England and the Department of Health and Social Care (DHSC). Using our strong links with regulators such as the Care Quality Commission (CQC) and NHS Improvement, we will share information about the standards of counter fraud work to eliminate duplication of effort for providers. 4.5 Quality assurance of counter fraud work has been shown to drive up standards and the NHSCFA has developed a flexible, responsive and transparent process which will be provided through monitored action plans.
This will ensure that the counter fraud work carried out mitigates both national and local identified risks. 4.6 This section provides guidance on the quality assurance programme and should be used in conjunction with other relevant instructions and guidance that have been issued to support counter fraud work.
4.7 These documents include: The NHS Standard Contract NHSCFA standards for providers - fraud, bribery and corruption (as outlined in chapters 3 and 5) NHS Counter Fraud Manual4 CIPFA Code of Practice on Managing the Risk of Fraud and Corruption. 4 Access to secure NHSCFA Extranet is required via N3 to access this resource.
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 9 of 69 4.8 This list is not exhaustive and additional guidance can always be sought from the NHSCFA if required. Counter fraud, bribery and corruption quality assurance programme 4.9 The NHSCFA quality assurance programme comprises of two main processes: assurance and assessment.
Both are closely linked to the counter fraud, bribery and corruption standards set out in this document. 4.10 The quality assurance process includes an annual self review against the standards, which is conducted by organisations and submitted to the NHSCFA. The assessment process is conducted by the NHSCFA’s Quality and Compliance team in partnership with the organisation. Annual report 4.11 The NHSCFA requires organisations to provide an annual statement of assurance against the counter fraud standards. This statement of assurance is provided through completion of the annual report and the Self Review Tool (SRT).
4.12 Standard 1.5 requires organisations to produce an annual report. To assist organisations with this, a template has been produced, which is available at NHSCFA Extranet5 . The template is not intended to stipulate either the format that should be used or specific text describing counter fraud, bribery and corruption activities. However, the following items must be included in the annual report: the completed self review tool a signed declaration using the wording as indicated in the annual report template the days used to deliver counter fraud, bribery and corruption work the cost of counter fraud, bribery and corruption work carried out during the year.
4.13 There is no requirement to send the annual report to the NHSCFA’s Quality and Compliance team, unless the organisation is selected for assessment and the annual report is requested as part of the evidence submitted. 4.14 Although the annual report may usually be completed by the nominated counter fraud, bribery and corruption specialist, it is crucial that sign-off is provided by an executive representative of the organisation to provide stakeholders with the correct level of assurance. The member of the executive board responsible for overseeing counter fraud, bribery and corruption work should sign off the annual report by completing and signing it as indicated on the guidance template.
This will provide participating organisations, NHS England and DHSC with assurance that the organisation complies with counter fraud, bribery and corruption standards in line with its contractual obligations. 5 Access to secure NHSCFA Extranet is required via N3 to access this resource.
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 10 of 69 4.15 The Quality and Compliance team will select the organisations to be assessed along with the type of assessment that will be undertaken. While we cannot carry out assessments of all organisations every year, we will endeavour to cover organisations regularly. Under-representation in any of the groups relating to sector or type will need to be addressed to ensure that the fullest picture of the delivery of counter fraud, bribery and corruption work is obtained. Although we seek to provide organisations with some certainty about whether or not they will be assessed, sometimes new information is received which results in a triggered assessment.
However, we will give ample notice of any assessment we undertake.
Self review tool 4.16 The self review tool (SRT) enables the organisation to produce a summary of the counter fraud, bribery and corruption work conducted over the previous twelve months. Organisations are required to complete the SRT annually and return it to the NHSCFA by a specified deadline. The SRT also covers the key areas of activity outlined in the standards. 4.17 Upon completion, the SRT provides a red, amber or green (RAG) rating for each of the key areas and an overall RAG rating. Further details of the red, amber and green ratings are outlined in Performance Ratings (paragraph 4.41) onwards.
4.18 Organisations should use the SRT in conjunction with their work planning. They can use it to review the progress made against the work plan developed at the beginning of the year. The SRT can also assist them in identifying risk areas and formulating objectives and tasks as they develop the work plan for the following financial year. Organisations can also use the SRT to monitor their compliance with the requirements of the standards throughout the year. Assessments 4.19 The assessment process is a means of evaluating an organisation’s effectiveness in dealing with the fraud, bribery and corruption risks it faces.
The process covers all activity carried out in the two years before the date of the assessment. The process is designed to be flexible, transparent and responsive to locally and nationally identified fraud, bribery and corruption risks. Where required, the NHSCFA shall provide organisations with recommendations to support them in mitigating their risks.
4.20 If an organisation, in the judgement of the Quality and Compliance team, requires an assessment, one of four types of assessment will be conducted: Full Focused Thematic Triggered.
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 11 of 69 Full assessment 4.21 A full assessment would normally be used when an organisation’s counter fraud arrangements are identified as at significant risk. Such an organisation may demonstrate some or all of the following areas of concern (the list is not exhaustive): The RED, AMBER or GREEN rating provided in the SRT is not supported by the annual report or any comments made in the SRT.
Counter fraud, bribery and corruption provision is lacking or inadequate. There are recommendations from previous assessments that have not been addressed.
There is no evidence of a risk-based approach to counter fraud, bribery and corruption work. The organisation is new or has started to provide significant additional services, and no previous history of effective counter fraud, bribery or corruption work exists. There are significant gaps in NHSCFA required activity across key areas of activity or NHSCFA priority areas. Significant concerns are raised by another part of the NHSCFA. The member of the executive board responsible for overseeing counter fraud, bribery and corruption work raises concerns regarding the quality of the local counter fraud, bribery and corruption service received.
A regulator such as NHS Improvement or CQC raises concerns regarding the quality of the service received. 4.22 A full assessment is conducted on all the NHSCFA key areas of activity as outlined in the standards.
Focused assessment 4.23 A focused assessment is undertaken in cases where an organisation either demonstrates a risk in a specific area of counter fraud, bribery or corruption activity or has demonstrated effective practice in one or more areas. A focused assessment is conducted on one or at most two of the key areas of activity, for example Strategic Governance or Inform and Involve. 4.24 A focused assessment might be conducted with organisations demonstrating some or all of the following characteristics: The RED, AMBER or GREEN rating provided in the SRT is not supported by the annual report or any comments made in the relevant section of the SRT.
There is a lack of evidence of measurable outcomes from the work conducted to mitigate risk. Significant concerns are raised by another part of the NHSCFA. There are gaps in one or two of the key areas of activity, for example Hold to Account.
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 12 of 69 Thematic assessment 4.25 A thematic assessment applies to a number of organisations and may be conducted regionally or across organisations of a similar type. 4.26 Driven primarily by NHSCFA and DHSC priority areas, thematic assessments focus on compliance and the identification of effective practice, or on areas of concern identified by the Quality and Compliance team.
New NHSCFA guidance, after a reasonable period given for it to be embedded in organisations, may be followed up by a thematic assessment. 4.27 Thematic assessments are likely to focus on a fairly specific part of the standards, possibly only one standard rather than the whole of a key area. Triggered assessments 4.28 Some organisations will not be selected for a full, focused or thematic assessment when the annual assurance is received. However, at any stage during the year organisations may be selected for a triggered assessment. Triggered assessments are driven by emerging risks, normally of a serious nature, which may have come to the attention of the Quality and Compliance team through Senior Quality and Compliance Inspector (SQCI) liaison with other parts of the NHSCFA.
Reasons for a triggered assessment may include, but are not limited to, the following: a significant and adverse change in counter fraud, bribery and corruption specialist provision a significant ongoing failure to manage organisational counter fraud, bribery and corruption risks an ongoing lack of engagement with the NHSCFA’s counter fraud strategy a lack of positive and proactive engagement with NHSCFA staff over a significant period, with a failure to improve after this has been highlighted an ongoing failure to action recommendations from NHSCFA assessments, in spite of support and assistance offered.
4.29 If the organisation is selected for a triggered assessment, this can be a focused or full assessment.
4.30 Following a full or focused assessment, whether triggered or not, the organisation is provided with a written report which provides advice and guidance on driving up the quality and value for money of its counter fraud, bribery and corruption work. The intended outcome is improved standards, measured by future self reviews and annual reports and assessments. 4.31 Other quality assurance and compliance activities, in addition to assessments, may also take place to support and develop counter fraud, bribery and corruption work within the organisation. These could include one-to-one meetings with key personnel, and meetings with audit committees.
4.32 The purpose of the counter fraud, bribery and corruption quality assurance programme is to be constructive and supportive. The assurance and assessment processes do not focus solely on non-compliance with the
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 13 of 69 standards: they also highlight compliance and outcomes achieved. Where standards are not being met, the NHSCFA will provide advice, support and assistance to organisations in order to help them improve performance. Assessment process 4.33 If an organisation is selected for assessment, at least four weeks’ notice will be given of any site visit. The SQCI conducting the assessment will notify the organisation of the dates for the assessment and will indicate the type of assessment and the areas that will be reviewed.
The organisation will be asked to name a specific contact to make the arrangements for the site visit. 4.34 At this stage it is likely that the SQCI will request information from the organisation in relation to the areas that will be reviewed. This information enables the SQCI to formulate relevant questions before the assessment meeting and it helps in the review of evidence collected during the site visit. It is essential that any information requested is received by the SQCI within the deadline given. Failure to provide this information or the provision of late information is likely to extend the site visit and may have an impact on organisational compliance with Standard 1.2.
4.35 During the site visit, the SQCI will wish to speak to the nominated counter fraud, bribery and corruption specialist about the counter fraud, bribery and corruption work carried out at the organisation. Depending on the area of enquiry and the type of assessment conducted, the SQCI may also wish to speak to the member of the executive board responsible for overseeing counter fraud, bribery and corruption work and other key staff. The organisation will be informed of this and given timely notice to make arrangements for these interviews to take place.
4.36 Following the interviews and any additional request for materials, the SQCI will produce a series of recommendations for the organisation to action.
The ratings and recommendations will be discussed at a closing meeting, which ideally will be on the same day as the assessment visit or very shortly afterwards. It is expected that the ratings and recommendations can be agreed at this stage. 4.37 A finalised report will follow the site visit within four weeks. The report will outline the findings of the site visit in full and will include the ratings and recommendations discussed at the closing meeting. Within another four weeks the organisation will be expected to complete an action plan for the recommendations and return it to the SQCI.
4.38 Following this, the organisation will be expected to comply with the NHSCFA’s review process. This will involve sending progress reports and audit committee minutes to the NHSCFA to demonstrate progress against the recommendations made in the final report. The organisation will be advised of requirements in relation to the review process at the closing meeting and in writing. 4.39 Some organisations may have a review assessment site visit between nine and twelve months following the original assessment process. Review assessment site visits will take place when, in the opinion of the SQCI, one is necessary based on information received.
The review assessment site visit should only focus on progress against the recommendations made at the previous assessment, unless there are significant matters that have arisen in the meantime.
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 14 of 69 4.40 As indicated above, discussion and liaison are an essential part of the assessment process. Organisations and staff members have a number of opportunities to discuss the assessment process and the recommendations, including during the assessment itself, at the closing meeting and as part of ongoing liaison. For this reason, there is no formal appeal procedure. However, if the organisation is dissatisfied with any aspect of the quality assurance programme, the matter may be raised in the first instance with the National Quality Lead.
Performance ratings 4.41 As a result of both assurance and assessment processes, organisations will be rated as being at red, amber or green depending on how well they have performed against NHSCFA requirements. The benefits of this for organisations include: A clear snapshot of organisational progress against each of the standards. An overall rating, which will assist with benchmarking against other organisations in similar groups or sectors. The ability to monitor and measure ongoing improvement. A means of assurance for DHSC and NHS England. 4.42 The definitions for each performance rating are listed below.
NON-COMPLIANCE with the standard: RED.
A risk has been identified but no action has been taken to mitigate it, or the action taken is insufficient in scope. PARTIAL COMPLIANCE with the standard but little or no impact of work undertaken: AMBER. A risk has been identified and action has been taken to mitigate the risk. There is evidence of compliance through outputs. However, the effectiveness of work undertaken has not yet been evaluated or there is no reduction of the risk. There is therefore little or no evidence of outcomes.
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 15 of 69 FULL COMPLIANCE demonstrating impact of the work: GREEN.
A risk has been identified, work has been carried out and the effectiveness of this work has been measured. The risk has been mitigated or significant progress has been made in mitigating the risk. Outcomes are therefore present. 4.43 Organisations which fulfil the requirements of a standard and can provide evidence of this through evaluation can determine performance to be GREEN for that standard. Organisations which can provide evidence of activity carried out, but cannot yet demonstrate that the activity has been assessed for effectiveness will determine performance to be AMBER for that standard.
4.44 Organisations which have carried out no activity or do not have evidence of sufficient activity will need to determine performance at the RED rating. The rating reached for each standard contributes to an overall rating for the relevant key area of activity as well as an organisational rating for achievement against all of the standards.
4.45 Standards 4.4 and 4.5 relate to the taking of witness statements and the conduct of interviews under caution (IUCs). The NHSCFA acknowledges that, during the two-year time period for assessment, investigations conducted may not have progressed to the point where such actions are appropriate. In these circumstances, a neutral performance rating can be assigned for these two standards to indicate where the organisation has been unable to comply with their requirements. Organisation has had no opportunity to meet the standard The organisation has not had the opportunity to complete witness statements/interview under caution to date, as any cases investigated have not progressed to the appropriate stage.
This performance rating is not weighted and, where given, it does not contribute to the overall rating for the Hold to Account area of work or the overall SRT rating. However, during any assessment, if in the judgement of the SQCI and based on the evidence presented, witness statements or IUCs should have been taken/conducted and were not, the performance rating awarded will be RED.
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 16 of 69 Identifying and mitigating risks 4.46 Organisations should adopt a risk-based approach when determining the amount of resources required to achieve the highest performance rating for each standard.
Organisations vary in size and needs and a risk-based approach ensures that appropriate resources are mobilised to identify and address the counter fraud, bribery and corruption needs of the organisation. 4.47 Organisations should analyse each standard, consider what action is required and employ appropriate resources to ensure that the standard is met. By applying this method, organisations should end up with a series of tasks that enable the development of a work plan.
4.48 The process that organisations should adopt in identifying and mitigating risks is as follows: Risk 4.49 The organisation should identify and assess the fraud, bribery and corruption risks it faces and put in place measures to address them. Nominated counter fraud, bribery and corruption specialists should be working in areas where risk is present in order to maximise effectiveness. Working in areas where there are no fraud, bribery or corruption risks is not an appropriate use of resources. Objective 4.50 Once areas of risk have been identified and assessed, the organisation and the nominated counter fraud, bribery and corruption specialist should be very clear about their objectives, or what they want to achieve in relation to mitigating or addressing the risk.
Objectives should be clearly formulated (for example, percentage reductions or increases), as this helps with measuring and demonstrating outcomes. Task 4.51 The organisation, probably through the nominated counter fraud, bribery and corruption specialist, should then carry out the appropriate tasks to meet the defined objectives.
Outputs 4.52 These are the products of the tasks performed to meet objectives. Outputs provide evidence that the task has been carried out but generally do not, on their own, provide evidence of outcomes. Outputs may include presentation materials, policies and procedures or terms of reference. Outcomes 4.53 These are the pieces of evidence that demonstrate the effective addressing of identified risks and the fulfilment of defined objectives. Outcomes may include, among other things: staff survey results, case closure reports, or evidence demonstrating staff awareness and understanding of policies and procedures to reduce risk.
OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 17 of 69 4.54 Following this methodology is not compulsory, although organisations will be assessed on the evidence of outputs and outcomes. Weightings 4.55 Some standards are weighted to reflect their overall importance in counter fraud, bribery and corruption work, and to reflect areas where specific improvement is required nationally or where action is particularly required to mitigate organisational risk. The weightings reflect NHSCFA priorities and are subject to ongoing review.
4.56 Weightings may be changed to reflect new and emerging risks addressed in the standards.
If an organisation does not conduct activity against a weighted standard, the overall RAG rating, either for the relevant key area of activity or for the self review as a whole, is affected. Further information on weightings can be shared with organisations, and any queries may be directed to firstname.lastname@example.org. Reasonable expectations 4.57 In order to make the working relationship between organisations and the Quality and Compliance team as effective as possible, we have outlined what organisations can reasonably expect from the QC team and what the QC team reasonably expects from organisations.
Understanding these reasonable expectations (which are set out in Appendix 1) will help both parties make the most of working together. Please note that if organisations do not adhere to these expectations, the organisation may be in breach of Standard 1.2, which deals with compliance with the quality assurance programme. Feedback 4.58 Your opinion counts and as part of our commitment to continuous improvement, we encourage feedback from stakeholders on the quality assurance programme. You can send your comments by email to email@example.com.
OFFICIAL Standards for NHS Providers 2018-19 - Standards - Page 18 of 69 5 Standards Key Principle 1: Strategic Governance Standard 1.1 A member of the executive board or equivalent body is responsible for overseeing and providing strategic management and support for all counter fraud, bribery and corruption work within the organisation. Rationale It is important that counter fraud, bribery and corruption work has effective leadership and a high level of commitment from senior management within an organisation. Identifying an individual from the executive board or equivalent body to oversee this work can help the organisation to focus on its key strategic priorities in relation to counter fraud, bribery and corruption work.
N.B. ‘Equivalent body’ may include, but is not limited to, the board of directors, the board of trustees or the governing body. Oversight of counter fraud, bribery and corruption work should not be delegated to an individual below this level of seniority in the organisation. Ratings Organisation does not meet the standard There is no member of the executive board, or equivalent body, who has a clearly defined responsibility for the strategic management of, and support for, counter fraud, bribery and corruption work.
Where such a responsibility is defined, there is little or no evidence of strategic management of, or support for, counter fraud, bribery and corruption work.
The member of the executive board or equivalent body has not ensured the provision of relevant and timely information regarding counter fraud, bribery and corruption work to the coordinating commissioner upon request. Organisation partially meets the standard Not applicable to this standard.
OFFICIAL Standards for NHS Providers 2018-19 - Standards - Page 19 of 69 Organisation meets the standard There is a member of the executive board or equivalent body who has a clearly defined responsibility for the strategic management of, and support for, counter fraud, bribery and corruption work. There is evidence that this responsibility is discharged effectively. Counter fraud, bribery and corruption objectives are discussed and reviewed at a strategic level within the organisation and this is documented.
The member of the executive board or equivalent body has ensured the provision of relevant and timely information regarding counter fraud, bribery and corruption work to the coordinating commissioner upon request.
Where additional or corrective action is necessary, this is discussed and the appropriate actions taken and documented. Guidance, supporting documentation and evidence Organisations should consider the following (the list is not exhaustive): Board meeting minutes Organisational counter fraud, bribery and corruption work plan Annual report on counter fraud, bribery and corruption work Progress reports to the audit committee, board or executive level managers Minutes of relevant meetings, action points and records of their execution Audit committee minutes Documentation from the nominations process Standing Orders/Standing Financial Instructions Evidence of the supply of counter fraud, bribery and corruption information to coordinating commissioners.
This may include, but is not limited to, the self review tool, the annual report of counter fraud work and the counter fraud work plan.
OFFICIAL Standards for NHS Providers 2018-19 - Standards - Page 20 of 69 Standard 1.2 The organisation’s non-executive directors and board level senior management provide clear and demonstrable support and strategic direction for counter fraud, bribery and corruption work. Evidence of proactive management, control and evaluation of counter fraud, bribery and corruption work is present. If the NHSCFA has carried out a qualitative assessment, the non-executive directors and board level senior management ensure recommendations made are fully actioned.
Rationale In order for the organisation to adequately counter fraud, bribery and corruption, there must be proactive support for the NHSCFA’s strategy at senior management level.
This will ensure that counter fraud, bribery and corruption work meets organisational and NHSCFA requirements and that there is sufficient buy-in for it at senior level. This will mitigate fraud, bribery and corruption risks, protect public money and ensure that NHS funds are used appropriately. N.B. References to board level senior management includes, but is not limited to, the board of directors, the board of trustees or the governing body. Ratings Organisation does not meet the standard There is no evidence of proactive support for counter fraud, bribery and corruption work from senior management.
Senior management demonstrates a lack of awareness of its responsibilities in relation to counter fraud, bribery and corruption work and organisational objectives in this area. Senior management do not ensure that action plan recommendations are implemented following any NHSCFA quality assessment and there is no evidence of demonstrable outcomes. Updates on the implementation of action plan recommendations are not provided to the NHSCFA upon request. Where there is an awareness of responsibilities, there is little or no evidence that senior management has discharged them effectively.
OFFICIAL Standards for NHS Providers 2018-19 - Standards - Page 21 of 69 Organisation partially meets the standard There is evidence of proactive support for counter fraud, bribery and corruption work from senior management at the organisation.
Support for the trained and nominated person carrying out counter fraud, bribery and corruption work on the part of the organisation is present and evident. There is evidence that senior management recognises its responsibilities in relation to counter fraud, bribery and corruption work.
Senior management ensures compliance with the requirements of the NHSCFA’s quality assurance programme. This includes ensuring that action plan recommendations are implemented following any NHSCFA quality assessment. However, there is little or no evidence to indicate that this work has been assessed for effectiveness by the organisation. Organisation meets the standard Senior management ensures that action plan recommendations are implemented following any NHSCFA quality assessment and there is evidence of demonstrable outcomes. Updates on the implementation of action plan recommendations are provided to NHSCFA upon request, in line with NHSCFA’s review process.
Any corrective or preventative actions identified as a result of evaluation are implemented to ensure that counter fraud, bribery and corruption work continues to address organisational risks.
Guidance, supporting documentation and evidence Organisations should consider the following (the list is not exhaustive): The NHSCFA strategy document ‘Leading the fight against NHS Fraud - Organisational Strategy 2017-2020’ Meeting minutes, decisions, action points and records of their execution, particularly for decisions taken at board level Audit committee minutes Documentation from the nominations process Counter fraud, bribery and corruption work plan Communications to staff directly attributed to the chief executive and/or board members, particularly communications to all staff Staff surveys Other evaluation materials such as reports on proactive exercises Documentation arising from the NHSCFA’s quality assurance programme Evidence of the implementation of any recommendations made by the NHSCFA as part of the quality assurance programme NHS Audit Committee Handbook (relevant sections)
OFFICIAL Standards for NHS Providers 2018-19 - Standards - Page 22 of 69 Standard 1.3 The organisation employs or contracts in an accredited, nominated person (or persons) to undertake the full range of counter fraud, bribery and corruption work, including proactive work to prevent and deter fraud, bribery and corruption and reactive work to hold those who commit fraud, bribery or corruption to account. Rationale Those undertaking counter fraud, bribery and corruption work must have the necessary training, skills and expertise to perform their role professionally and carry out criminal investigations in compliance with all relevant legislation.
They should be nominated by the organisation to NHSCFA, and attend specialist training that has been accredited by the Counter Fraud Professional Accreditation Board . Ratings Organisation does not meet the standard There is no accredited person (or persons) employed or contracted in to carry out the full range of counter fraud, bribery and corruption work on behalf of the organisation.
The LCFS has not attended specialist training that has been accredited by the Counter Fraud Professional Accreditation Board, or has not been appropriately nominated by the organisation. The person (or persons) does not appropriately update their skills in line with NHSCFA and/or legislative requirements. Organisation partially meets the standard Not applicable to this standard.
OFFICIAL Standards for NHS Providers 2018-19 - Standards - Page 23 of 69 Organisation meets the standard There is an accredited, nominated and appropriately trained person(s) who is employed or contracted in to conduct the full range of counter fraud, bribery and corruption work on behalf of the organisation.
The nominated person(s) attends training and undertakes continuing professional development as required to appropriately fulfil their role, on an ongoing basis. Guidance, supporting documentation and evidence Organisations should consider the following (the list is not exhaustive): Training records held by the NHSCFA Accreditation records held by the NHSCFA Nomination records held by the NHSCFA or NHS CFS Wales. Nomination process can be found at https://cfa.nhs.uk/fraudprevention/information-local-counter-fraud-specialists Evidence of continuing professional development
OFFICIAL Standards for NHS Providers 2018-19 - Standards - Page 24 of 69 Standard 1.4 The organisation has carried out risk assessments to identify fraud, bribery and corruption risks, and has counter fraud, bribery and corruption provision that is proportionate to the level of risk identified. Measures to mitigate identified risks are included in an organisational work plan, progress is monitored at a senior level within the organisation and results are fed back to the audit committee (or equivalent body).
Rationale An effective risk management programme and risk based work plan enables the organisation to target NHS funded resources at the areas of greatest risk, and will assist it in prioritising counter fraud, bribery and corruption activities.
Ratings Organisation does not meet the standard There is no evidence of any risk assessments carried out to identify fraud, bribery and corruption risks at the organisation. Where risk assessments have been carried out, no adequate resources have been allocated to mitigate the risks identified and an organisational work plan has not been developed.
Where an organisational work plan has been developed, it is not fit for purpose. For example, the work plan may not cover the required key areas of counter fraud, bribery and corruption activity as outlined in NHSCFA’s national strategy. Resources may be inadequate to perform identified tasks and/or organisational risks may be insufficiently addressed. The objectives in the work plan are not measurable. Organisation partially meets the standard Risk assessments have been carried out to identify fraud, bribery and corruption risks at the organisation.
Actions to mitigate/reduce risks have been appropriately prioritised and documented in a work plan which covers the required NHSCFA areas of activity.
Adequate resources have been assigned to specific areas of work. The objectives in the work plan are measurable, however there is no evidence that the effectiveness of activities carried out under it has been measured.
OFFICIAL Standards for NHS Providers 2018-19 - Standards - Page 25 of 69 Organisation meets the standard Resources to carry out the work are realistically assessed and suitable for addressing the risk identified within a reasonable timescale. Risk based work plan objectives are demonstrably achieved. Where necessary, additional resources are allocated during the year to address emerging risks. Progress is continuously monitored at a senior level to ensure that risks are mitigated and that resources remain suitable for this purpose.
Guidance, supporting documentation and evidence Organisations should consider the following (the list is not exhaustive): The NHSCFA strategy document ‘Leading the fight against NHS Fraud - Organisational Strategy 2017-2020’ Risk assessment materials Evidence of liaison with risk management staff within the organisation Evidence of risk monitoring being done at a senior level Relevant meeting minutes, action points and records of their execution Audit committee minutes Counter fraud, bribery and corruption work plan Progress reports Organisational risk register
OFFICIAL Standards for NHS Providers 2018-19 - Standards - Page 26 of 69 Standard 1.5 The organisation reports annually on how it has met the standards set by NHSCFA in relation to counter fraud, bribery and corruption work, and details corrective action where standards have not been met. Rationale An annual report is the main way for the organisation to report on performance against its counter fraud, bribery and corruption objectives, both internally and externally. Reviewing its success or otherwise in achieving objectives will assist the organisation in planning ahead, driving up performance and verifying that it has the appropriate level of assurance in this area.
Ratings Organisation does not meet the standard There is no evidence that the organisation has completed an annual report demonstrating progress against counter fraud, bribery and corruption objectives. Where an annual report has been completed, it does not cover all key areas of counter fraud, bribery and corruption activity as outlined in NHSCFA’s strategy. The report does not provide a full update on actions taken to counter fraud, bribery and corruption as outlined in the work plan for that year. Where an NHSCFA quality assessment has been conducted, there is no update on the progress made against the action plan.
The annual report does not contain a fully completed self review tool against the standards or a statement of assurance.
There is no evidence that the annual report has been reviewed or signed off by the organisation. Organisation partially meets the standard Not applicable to this standard. Organisation meets the standard The annual report on counter fraud, bribery and corruption work complies with the NHSCFA’s guidance in relation to content, referring to all applicable standards for fraud, bribery and corruption appropriately, and providing a clear update on progress against work plan objectives. An appropriately signed statement of assurance is included in the annual report. A fully completed self review tool is included with the annual report.